By using AWS re:Post, you agree to the Terms of Use
/ed25519 fingerprint mismatch because of extra padding from AWS `=`/

ed25519 fingerprint mismatch because of extra padding from AWS `=`


Hello. I'm encountering an interesting scenario where the generated fingerprint for my imported/created ed25519 SSH key is different from the one reported by ssh-keygen.

For example:



And AWS generated the fingerprint:


So, there is extra padding for some reason. Does anyone know why that is so?

Cheers, Gergely.

asked 24 days ago1 views
2 Answers

As per this page the equal sign at the end is padding to ensure correct Base64 encoding.

answered 23 days ago
  • Yeah, I know WHAT the equal sign is. :) The question is, why it's there when local workflow doesn't produce it. But I figured it out in the end.


I got it.

From other posts here as well, but the answer is that they are using a base64 sha256 openssl combo like this:

$ cat ~/.ssh/ | base64 -w0 -d | openssl dgst -binary -sha256 | base64 -w0; echo

Where the pub key was generated from the downloaded ec2 pem key like this:

ssh-keygen -y -f ~/.ssh/ec2-key.pem > ~/.ssh/
answered 21 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions